EventBot is targeting the users in countries across Europe and the United States.

EventBot is a new type of Android mobile malware that Cybereason has been investigating since its inception in March 2020. EventBot abuses Android’s accessibility features to steal user data from financial applications, read user SMS messages and steal SMS messages to allow the malware to bypass two-factor authentication. The more than 200 financial apps impacted include: Paypal Business, Barclays, UniCredit, CapitalOne UK, HSBC UK, Santander UK, TransferWise, Coinbase and many more.

“Cybereason believes EventBot could be the next influential mobile malware because of the time the developer has already invested into creating the code and the level of sophistication and capabilities is really high. By accessing and stealing this data, Eventbot has the potential to access key business data, including financial data. Mobile malware is no laughing matter and it is a significant risk for organisations and consumers alike,” said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason.

Organisations can protect themselves from the growing mobile threat by improving their security hygiene, launching a security awareness training program and these additional measures, including:
• Keep your mobile device up to date with the latest software updates from legitimate sources.
• Keep Google Play Protect on.
• Do not download mobile apps from unofficial or unauthorised sources. Most legitimate Android apps are available on the Google Play Store.
• Always apply critical thinking and consider whether you should give a certain app the permissions it requests.
• When in doubt, check the APK signature and hash in sources like VirusTotal before installing it on your device.
• Use mobile threat detection solutions for enhanced security.